For staged approach to the Standard Edition Lync deployment, this is the minimum configuration required to run Lync. The initial Standard Edition topology deployment described in this document includes these environment and components:

A single forest, single domain Active Directory structure.

A single domain controller with Domain Name System (DNS) and an Enterprise Root certification authority (CA)

The information in this document is based on these software and hardware versions:

Active Directory Server

Exchange Server

Lync 2010 Server

Cisco Unified Communication Manager (CUCM) 8.5

PC Client Machine

Note: VMWare for AD, Exchange and Lync.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Cisco UC Integration for Microsoft Lync is tightly integrated with Microsoft Lync to deliver a consistent and compelling user experience while providing the benefits of increased employee productivity and collaboration, reduced infrastructure complexity, and a lower total cost of ownership (TCO).

The member server should be located in the forest root domain. After you install AD DS successfully, the member server becomes a domain controller.

You can install AD DS with the Windows user interface (UI). The Windows UI provides two wizards that guide you through the installation process for AD DS. One wizard is the Add Roles Wizard, which you can access in Server Manager. The second wizard is the Active Directory Domain Services Installation Wizard (Dcpromo.exe). Complete these steps for installation.

Disable IPv6 with these steps:

Uncheck it on the network adapter in order to disable IPv6.

In order to add the DWORD to the registry, choose Run and type Regedit. Then choose HKEY_LOCAL_MACHINESYSTEM > CurrentControl > SetServices > Tcpip6 > Parameters > DisabledComponents and set the value to 0xFFFFFFFF.

Start the Server Manager and start the installation of the AD DS role. For that from Server Manager, Click Add Roles.

On the Add Roles wizard window, click Next.

Choose the Active Directory Domain Services Role.

You are prompted to install the .NET framework 3.5.1 features. Choose Add Required Features and click Next.

An introduction to Active Directory Domain Services appears with some points to note that you have to read. Then click Next.

Next is the confirmation and summary page of the role installation. Click Install.

On the window that appears, uncheck Use advanced mode installation and click Next.

Choose Create a new domain in a new forest.

Set the FQDN of the forest root domain as sjclab.com. You can give any name here based on your domain name.

Set the Forest functional level to Windows Server 2008 and click Next.

Set the Domain functional level to Windows Server 2008 R2 and click Next.

Choose additional options for this domain controller. Ensure that the DNS server is checked and clickNext.

The A delegation for this DNS server cannot be created... Do you want to continue? message appears. Click Yes. This particular setup assumes a brand-new forest and everything, so no action is required.

Default Database / Log files / SYSVOL folder locations as C:\Windows\NTDS should be fine, when you create a smaller deployment with less loads. Otherwise you need to reconsider the locations. Click Next after you choose those locations.

On the Select Server Roles page, choose the Active Directory Certificate Services check box. Then click Next two times.

On the Select Role Services page, choose the Certification Authority check box, and then click Next.

On the Specify Setup Type page, click Enterprise, and then click Next.

On the Specify CA Type page, click Root CA, and then click Next.

On the Set Up Private Key and Configure Cryptography for CA pages, you can configure optional configuration settings, which includes cryptographic service providers. But, for basic testing purposes, click Next twice in order to accept the default values.

In the Common name for this CA box, type the common name for this CA, as ActiveDirectory, and then click Next.

On the Set the Certificate Validity Period page, accept the default validity duration for the root CA, and then click Next.

On the Configure Certificate Database page, accept the default values or specify other storage locations for the certificate database and the certificate database log, and then click Next.

After the verification of the information on the Confirm Installation Options page, click Install.

Review the information on the confirmation screen in order to verify that the installation was successful.

The integration of Lync 2010 and Exchange provides users with features like instant messaging (IM), enhanced presence, telephony, and conferencing capabilities of Lync within the Microsoft Outlook messaging and collaboration client.

Complete these steps in order to install the pre-requisites for exchange 2010:

Add the exchange server to the domain and verify dns entry.

On servers that host the Hub Transport or Mailbox server role, install the Microsoft Filter Pack.

On the Start Menu, choose All Programs > Accessories > Windows PowerShell. Open an elevated Windows PowerShell console, and run the Import-Module ServerManager command.

Use the Add-WindowsFeature cmdlet in order to install the necessary operating system components: For a server that has the typical installation of Client Access, Hub Transport, and the Mailbox role: Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

On servers that have the Client Access Server role installed, after the system has restarted, log on as an administrator, open an elevated Windows PowerShell console, and issue the Set-Service NetTcpPortSharing -StartupType Automatic command in order to configure the Net.Tcp Port Sharing Service for Automatic startup.

When the Exchange Server 2010 Client Access Server role is installed, a self-signed certificate is installed automatically, primarily for testing purposes. But, as soon as the installation is finished, a real certificate should be acquired and installed. Exchange Server 2010 uses a Unified Messaging certificate, which holds besides its Subject Name other names as well, called the Subject Alternative Names (SAN).

Create Mailbox Users in Exchange

Choose Recipient Configuration > Mailbox and choose New Mailbox.

Query for Active directory users and Add users. Once you finish adding, the users added appear:

LYNC SERVER 2010 INSTALL

Microsoft Lync Server 2010 communications software and its client software, such as Microsoft Lync 2010, enable users to connect in new ways and to stay connected, regardless of their physical location. Lync 2010 and Lync Server 2010 bring together the different ways that people communicate in a single client interface, are deployed as a unified platform, and are administered through a single management infrastructure.

Deployment of Microsoft Lync Server 2010, Standard Edition requires the use of Topology Builder in order to define your topology and the components you want to deploy, preparing your environment for deployment of the Lync Server 2010 components, importing and publishing your topology design on the Standard Edition server, and then installing and configuring Lync Server 2010 software for the components for your deployment.

While the IM and presence features are automatically installed in every Lync Server deployment, you can choose whether to deploy conferencing, Enterprise Voice, and remote user access. In this example, other features are not enabled since Enterprise Voice using Cisco Unified Communications is enabled.

On the Start Menu, choose All Programs-> Accessories> Windows PowerShell. Open an elevated Windows PowerShell console, and run the Import-Module ServerManager command.

Use the Add-WindowsFeature cmdlet in order to install the necessary operating system components: Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Static-Content,Web-Default-Doc,Web-Http-Errors,Web-Http-Redirect,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Http-Logging,Web-Log-Libraries,Web-Http-Tracing,Web-Windows-Auth,Web-Client-Auth,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Console,Web-Scripting-Tools -Restart

Install Microsoft Silverlight, which s needed to run the Lync Server 2010 installation GUI. Refer to Microsoft Silverlight for more information.

Create a shared file with name LyncShare with appropriate rights such that everyone has Full Control on the Lync server 2010. You can create the share in any location with any name.

Create these DNS entries

dialin.sjclab.com

meet.sjclab.com

admin.sjclab.com

Install Windows Media Format (WMF) runtime before you run the Lync Server 2010 setup and then restart the server. If you issue this command, this requires permissions equivalent to the Windows server-based computers Local Administrator account.

Insert your Lync Server 2010, DVD.If AutoPlay does not start, navigate to your drive Setupamd64 and execute setup.exe. The first thing you need to do is to install Microsoft Visual C++ 2008 Redistributable Package, and then click Yes in order to proceed.

When Microsoft Visual C++ 2008 Redistributable Package is installed you need to choose the installation directory. The default location is fine, or you can change the location to match your preferences and then click Install.

Next you need to accept the license agreement. Check I accept the terms in the license agreement and then click OK.

On the Members tab, click Add. In Select Users, Contacts, Computers, Service Accounts, or Groups dialog, locate the Enter the object names to select. Type the user name(s) or group name(s) to add to the group CSAdministrators. Click OK.

On the Members tab, confirm that the users or groups that you selected are present. Click OK.

After the completion of these steps, click on Back in order to return to the Deployment Wizard.

Choose where to save your topology files. For example, C:\Lync Server 2010 Topology Builder and call it MyTopology.tbxml. When you are finished choosing name ad location click Save.

Then enter a SIP domain that matches company preferences, sjclab.com. This is the internal domain name in AD family domain and works well for the purpose of this installation, click Next to continue.

Enter a name of the default site, then click Next to continue.

Here you need not add any additional SIP domains at this point, click Next to continue.

Enter your City, State and Country and click Next to continue.

Continue to configure a front end pool so click Finish. When the New Front End Pool wizard starts click Next to continue.

Now define a FQDN for our Front End Pool. Since this is a simple single server installation use the servers FQDN sjclab.com and choose Standard Edition Server and click Next to continue.

Lync Server Installation enables Presence and IM by default.

In order to collocate the mediation server, check Collocate Mediation Server role and then click Next.

Choose any other roles to enable more components; if not click Next to continue.

SQL server has already been installed on the Lync Server 2010 server and the wizard finds it automatically. Click on Next to continue.

Now enter the share folder name, which was created in the Pre-Requisites section. Enter public File Server FQDN: lync.sjclab.com and share folder name LyncShareand click Next to continue.

Skip adding a gateway at this moment and specify the External Base URL: lync.sjclab.com, which can be same as your internal or can be different. Click Finish to complete defining Front End Pool wizard.

When the wizard closes you arepresented with the Topology builder. Take a moment to go through the configuration, then go back to the original screen and click on Edit Topology.

In the left pane, choose Simple URLs, in the main pane, enter a URL in the field Administrative access URL. Here this is https://admin.sjclab.com, then choose the Front end server to install Central Management Server on. If all is well you should only have one choice here, click Ok when done.

Now it is time to publish the topology that was built to the management server. Back in the topology builder, click on Publish Topology in the Actions Pane.

When the wizard has loaded, click on Next to start the publishing.

You should only have one Central Management Server, make sure it is selected in the drop-down list and then click Next.

When the wizard completes, make sure that all steps are successful and then click. Finish.

In order to finish Lync server installation, go to initial Lync Server Deployment Wizard, which is accessible now through the start menu. Choose Install or Update Lync Server System to continue.

Here you need to click Run Button corresponding to each steps.

After you complete the Start Services task, if Lync Deployment Wizard does not show the task as completed, then go to msservices.exe to make sure that all the Lync services are started.

Finally you need to create a SRV DNS record for your new Lync Server. Without this record, your Lync client is unable to locate the server location. In order to create one, access your DNS manager and right-click the Forward Lookup Zone for your SIP FQDN. Then click Other New Records and Service Location (SRV). Complete with the server settings as in this example:

Lync 2010 delivers easy and engaging access to multiple communication modes through a single, simplified interface. Users can connect and collaborate from any location that has Internet connectivity. Before proceed to install ensure the following:

Client PC needs an entry in DNS and also needs to be part of the Domain

Ensure that root certificate on client is installed so that client trusts certificate from Lync.

Complete these steps in order to install the Root Certificate on to the client machine.

Login into CA Server from https://<CA Server>/certSrv and download the CA Certificate, with the name certnew.cer.

View and install the CA Root Certificate on to the client machines.

Certificate Import Wizard is launched.

Browse the certificate store where you want to place the certificates.

Click on Finish to complete the Certificate Import.

Click Yes on the security warning.

Successfully imported the CA root certificate.

In order to verify if the certificate is loaded to the Trusted Root Certificates, choose Start > Run > mmc (Microsoft Management Console).

First time login or changing the Sign-in Address prompts for the username and password.

CUCI-LYNC configuration

The Cisco UC Integration for Microsoft Lync works with these applications:

Microsoft Lync

Microsoft Office Communicator

Cisco UC Integration for Microsoft Lync uses Cisco Unified Client Services Framework. Cisco Unified Client Services Framework provides Cisco telephony services and next-generation media services for Cisco UC Integration for Microsoft Lync. The integration works in the same way with each of these applications. The Cisco UC Integration for Microsoft Lync adds a Cisco UC pane at the bottom of the Microsoft Lync or Microsoft Office Communicator window. The picture shows the topology for Cisco UC Integration for Microsoft Lync Interactions with Network Servers.

Integration Notes

Active Directory provides Phone Numbers for CUCILYNC.

Lync server expects the phone numbers to be in E.164 format, and rejects any numbers that are not in this format.

If the numbers in Active Directory are not in +E.164 format, then configure normalization rules to ensure that Lync client downloads +E.164-formatted numbers from the Lync server.

Lync server creates an address book, which is downloaded by Lync Client

Ensure that the user IDs, devices, and directory numbers match in AD, Lync and CUCM.

Configure users so that each user has a phone number that can be correctly dialed within the context of your CUCM configuration.

When you place a call to a contact in Lync, the phone number is passed to CUCILYNC; CUCILYNC uses the number to call the contact through CUCM.

CUCILYNC also uses LDAP directly to search for contact information.

When you display a CUCILYNC contact card, the full name and organization information comes from an LDAP search of Active Directory.

When you receive a call, the LDAP connection to Active Directory is used to search for caller information to match the incoming number.

In order to accomplish this task you need to create Client Service Framework (CSF) Device in CUCM, which gets registered when the Call Control is connected to Lync 2010 and operates in Softphone mode. The Directory Number DN of this CSF device needs to be shared with the Actual Device of the user.

Configure CSF Device with the same Directory Number (DN) as Physical SEP Device.

Associate End user to the Shared Line DN from the CSF and SEP Device DN Configuration page.

Associate CSF Device and SEP Device to the end user Controlled Device list.

Configure Primary Extension on the End User page.

Assign End Users to User Groups.

When CUCILYNC is in SoftPhone Mode, you notice that the CSF Device is registered.

Configure Registry Keys for CSF Client Integration—Use the Registry file in CUCI-Lync-Admin zip folder that you download from CCO for the configuration of the Registry Settings for the CSF Client Integration.

The explanation for each field is given here:

TFTPServer Address—Enter the IP address or fully qualified domain name of the primary TFTP server in your Cisco Unified Communications system, and any other TFTP servers. If you are using certificates, the certificate common name must match the network identifier used to access to host, that is, the IP address or the hostname.

Note: This is where CSF Device downloads its configuration file.

CTI Server— Enter the IP address or fully-qualified domain name of the primary CTIManager server in your Cisco Unified Communications system, and the secondary CTIManager server, if present. If you are using certificates, the certificate common name must match the network identifier used to access to host, that is, the IP address or the hostname.

UseCUCMGroupForCti—Set this value to True if you want to use the relevant Cisco Unified Communications Manager group information on the Cisco Unified Communications Manager server to determine which CTI Servers to use instead of the CtiServer1 and CtiServer2 registry subkey names.

Note: True: You want CUCM Group to determine the CTI Server Group.

CcmcipServer—Enter the IP address or fully-qualified domain name of the primary CCMCIP server in your Cisco Unified Communications system, and the secondary CCMCIP server, if present. If you are using certificates, the certificate common name must match the network identifier used to access to host, that is, the IP address or the hostname.

CcmcipServerValidation—Enter the type of security certificate validation for Client Services Framework to use with HTTPS to sign in to Cisco Unified Communications Manager to retrieve the device list. Enter one of the following values:

Client Services Framework accepts all certificates.

Client Services Framework accepts certificates that are defined in the keystore and self-signed certificates.

Client Services Framework only accepts certificates that are defined in the keystore.

Note: Client Services Framework uses this certificate to verify the Cisco Unified Communications Manager server. When the certificate is accepted, Client Services Framework must use the credentials of the user to sign in to Cisco Unified Communications Manager.

EnableNativeDirectoryProvider—Specify whether to use Enhanced or Basic Directory Integration to get contact information from Active Directory. Enter one of the following values:

Use Basic Directory Integration. This is the default value.

Use Enhanced Directory Integration. Data type: REG_SZ

VoicemailPilotNumber— Enter the number of the voice message service in your Cisco Unified Communications system. This value only relates to when users use the desk phone to access their voice messages. If users are using the phone on their computer to access voicemail, the pilot number comes from the voicemail pilot number associated with the voicemail profile configured on the Client Services Framework device.